Out-of-bounds Write vulnerability in Apache Commons Configuration.This issue affects Apache Commons Configuration: from 2.0 before 2.10.1. Users are recommended to upgrade to version 2.10.1, which fixes the issue.

The version of Oracle Business Intelligence Enterprise Edition (OAS) 7.0.0.0 installed on the remote host is affected by multiple vulnerabilities as referenced in the October 2024 CPU advisory, including the following:

  - Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Analytics     (component: Analytics Server (OpenSSL)). Supported versions that are affected are 7.0.0.0.0 and     7.6.0.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via TLS     to compromise Oracle Business Intelligence Enterprise Edition. Successful attacks of this vulnerability     can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Business     Intelligence Enterprise Edition. (CVE-2023-5678)

  - Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Analytics     (component: Analytics Server (curl)). Supported versions that are affected are 7.0.0.0.0, 7.6.0.0.0     and 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via     SOCKS5 to compromise Oracle Business Intelligence Enterprise Edition. Successful attacks of this     vulnerability can result in takeover of Oracle Business Intelligence Enterprise Edition. (CVE-2023-38545)

  - Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Analytics     (component: BI Platform Security, Analytics Web Answers (RequireJS)). Supported versions that are     affected are 7.0.0.0.0, 7.6.0.0.0 and 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated     attacker with network access via HTTP to compromise Oracle Business Intelligence Enterprise Edition.     Successful attacks of this vulnerability can result in unauthorized access to critical data or complete     access to all Oracle Business Intelligence Enterprise Edition accessible data as well as unauthorized     update, insert or delete access to some of Oracle Business Intelligence Enterprise Edition accessible     data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Business     Intelligence Enterprise Edition. (CVE-2024-38999)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The 1.5.0, 20.3.40, 21.2.71, 22.3.45, 23.3.33, and 24.1.17 versions of NoSQL Database installed on the remote host are affected by multiple vulnerabilities as referenced in the October 2024 CPU advisory.

  - Vulnerability in Oracle NoSQL Database (component: Administration (Netty)). Supported versions that are     affected are 20.3.40, 21.2.71, 22.3.45, 23.3.33 and 24.1.17. Easily exploitable vulnerability allows low     privileged attacker with network access via HTTP to compromise Oracle NoSQL Database. Successful attacks     of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial     DOS) of Oracle NoSQL Database. (CVE-2024-29025)

  - Security-in-Depth issue in Oracle NoSQL Database (component: Administration (Apache Commons     Configuration)). This vulnerability cannot be exploited in the context of this product. (CVE-2024-29131,     CVE-2024-29133)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The version of IBM WebSphere eXtreme Scale installed on the remote host is prior to 8.6.1.6 IBM. It is, therefore, affected by multiple vulnerabilities as referenced in the 7150045 advisory.

  - Out-of-bounds Write vulnerability in Apache Commons Configuration.This issue affects Apache Commons     Configuration: from 2.0 before 2.10.1. Users are recommended to upgrade to version 2.10.1, which fixes the     issue. (CVE-2024-29131, CVE-2024-29133)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The version of Atlassian Confluence Server running on the remote host is affected by a vulnerability as referenced in the CONFSERVER-95975 advisory.

  - Out-of-bounds Write vulnerability in Apache Commons Configuration.This issue affects Apache Commons     Configuration: from 2.0 before 2.10.1. Users are recommended to upgrade to version 2.10.1, which fixes the     issue. (CVE-2024-29133)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Fedora 40 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2024-c673517dce advisory.

    This update contains security fixes for CVE-2024-29131 and CVE-2024-29133.

    See https://github.com/apache/commons-configuration/blob/master/RELEASE-NOTES.txt for changes in versions     2.10.0 and 2.10.1.


Tenable has extracted the preceding description block directly from the Fedora security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote SUSE Linux SLED15 / SLED_SAP15 / SLES15 / SLES_SAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:1365-1 advisory.

  - Out-of-bounds Write vulnerability in Apache Commons Configuration.This issue affects Apache Commons     Configuration: from 2.0 before 2.10.1. Users are recommended to upgrade to version 2.10.1, which fixes the     issue. (CVE-2024-29131, CVE-2024-29133)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote SUSE Linux SLED15 / SLED_SAP15 / SLES15 / SLES_SAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:1377-1 advisory.

  - Out-of-bounds Write vulnerability in Apache Commons Configuration.This issue affects Apache Commons     Configuration: from 2.0 before 2.10.1. Users are recommended to upgrade to version 2.10.1, which fixes the     issue. (CVE-2024-29131, CVE-2024-29133)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Fedora 39 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2024-fa7b758114 advisory.

    This update contains security fixes for CVE-2024-29131 and CVE-2024-29133.

    See https://github.com/apache/commons-configuration/blob/master/RELEASE-NOTES.txt for changes in versions     2.10.0 and 2.10.1.


Tenable has extracted the preceding description block directly from the Fedora security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

ID	Name	Product	Family	Severity
210338	Oracle Business Intelligence Enterprise Edition (OAS 7.0) (October 2024 CPU)	Nessus	Misc.	critical
209385	Oracle NoSQL Database (October 2024 CPU)	Nessus	Databases	high
201104	IBM WebSphere eXtreme Scale 8.6.1.0 < 8.6.1.6 (7150045)	Nessus	Web Servers	high
201101	Atlassian Confluence 1.0.1 < 7.19.23 / 7.20.x < 8.5.9 / 8.6.x < 8.9.1 (CONFSERVER-95975)	Nessus	CGI abuses	medium
194596	Fedora 40 : apache-commons-configuration (2024-c673517dce)	Nessus	Fedora Local Security Checks	high
193723	SUSE SLED15 / SLES15 / openSUSE 15 Security Update : apache-commons-configuration2 (SUSE-SU-2024:1365-1)	Nessus	SuSE Local Security Checks	high
193715	SUSE SLED15 / SLES15 / openSUSE 15 Security Update : apache-commons-configuration (SUSE-SU-2024:1377-1)	Nessus	SuSE Local Security Checks	high
192710	Fedora 39 : apache-commons-configuration (2024-fa7b758114)	Nessus	Fedora Local Security Checks	high

Detections

Analytics

CVE-2024-29133

medium

Tenable Plugins

critical

high

high

medium

high

high

high

high